What is claimed is: 



1. An access control system comprising: 
an operating system; and 

an access control device for controlling access from each 
of one or more processes executed by the operating system to 
one of one or more devices, wherein: 

each of the processes accesses one of the devices via a 
device file or one of device files corresponding to the one device; 

a plurality of device files may be generated for any one 
or more of the devices; 

the operating system comprises: 

device file generating means for generating a device file 
or device files for a route or each of routes through which each 
of the processes accesses one of the devices; 

access rule setting means for setting access rules 
indicating methods for accessing device files for each of the 
routes; and

access control means for controlling access to each device 
file according to an access rule; 

the access control device unifies access rules set for 
routes to a plurality of device files corresponding to a common 
device; and 

the access control means controls access to each device 
file according to a unified access rule if the access rules have 
been unified.

2. An access control device for controlling access from 
each of one or more processes to one of one or more devices, 
wherein:

each of the processes accesses one of the devices via a 
device file or one of device files corresponding to the one device; 

a device file or device files are generated for a route 
or each of routes through which each of the processes accesses 
one of the devices; 

access rules indicating methods for accessing device files 
are set for each of routes; 

access to each device file is controlled according to an 
access rule; and 

a plurality of device files may be generated for each of 
arbitrary ones of the devices, the access control device 
comprising:

access rule extracting means for extracting access rules 
set for routes to a plurality of device files corresponding to 
a common device; and 

access rule deriving means for deriving a unified access 
rule for each device on the basis of the extracted access rules. 

3. The access control device according to claim 2, wherein
if a plurality of access rules extracted for each device are
different from each other, the access rule deriving means employs
one of the plurality of different access rules as a unified access
rule.

4. The access control device according to claim 2, wherein
if a plurality of access rules extracted for each device are 
different from each other, the access rule deriving means derives 
a unified access rule on the basis of characteristics of files 
linked to the respective device files. 

5. The access control device according to claim 2, wherein
if a plurality of access rules extracted for a device are different
from each other, the access rule deriving means employs the one of
the plurality of different access rules having the most restrictions on
access to the device file as a unified access rule.

6. The access control device according to claim 2, wherein:

the processes are executed by an operating system;

each route exists in one or more directories managed by
the operating system and consists of one or more files linked
to each other between each process and each device file; and

each access rule is set for a directory in which a file
linked to a device file exists.

7. The access control device according to claim 2, wherein
each access rule indicates at least whether each of reading and
writing on a device file by each of files linked to the device 
file is permitted or not. 

8. The access control device according to claim 6, wherein:

an operating system stores the access rules;

the access rule extracting means extracts access rules
set for routes to each of a plurality of device files corresponding
to each common device from the stored access rules when the 
operating system is activated; and 

the access rule deriving means derives a unified access 
rule for each device from the extracted access rules when the 
operating system is activated. 

9. The access control device according to claim 2, wherein:

an operating system accepts alteration of an access rule
to notify the access control device of the altered access rule;

the access rule extracting means extracts access rules 
set for routes to each of a plurality of device files relating 
to the altered access rule when notified of the altered access 
rule; and 

the access rule deriving means derives a unified access 
rule for each device from the extracted access rules when notified 
of the altered access rule. 

10. An access control method for controlling access from
each of one or more processes to one of one or more devices, 
wherein each of the processes accesses one of the devices via 
a device file or one of device files corresponding to the one 
device, the access control method comprising the steps of: 

generating a device file or device files for a route or 
each of routes through which each of the processes accesses one 
of the devices, a plurality of device files being generated 
possibly for each of arbitrary ones of the devices; 

setting access rules indicating methods for accessing 
device files for each of routes; 

extracting access rules that are set for routes to a 
plurality of device files corresponding to a common device; 

deriving a unified access rule for each device on the basis 
of the extracted access rules; and 

controlling access to each device file according to the 
unified access rule. 

11. A program for controlling access from each of one or 
more processes to one of one or more devices, wherein each of 
the processes accesses one of the devices via a device file or 
one of device files corresponding to the one device, the program 
causing a computer to execute the steps of: 

generating a device file or device files for a route or 
each of routes through which each of the processes accesses one 
of the devices by each of the processes, the plurality of device
files being generated possibly corresponding to any one or more
of the devices;

setting access rules indicating methods for accessing 
device files for each of routes; 

extracting access rules that are set for routes to a 
plurality of device files corresponding to a common device; 

deriving a unified access rule for each device on the basis 
of the extracted access rules; and 

controlling access to each device file according to the 
unified access rule. 
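
The extract, derive and control steps of claims 10 and 11, with the most-restrictive derivation of claim 5, sketched as an added example that is not part of the claims or of any implementation by the applicant. The device files, paths, device numbers and rule representation are constructed for illustration, and modelling "most restrictions" as the intersection of permitted operations is an assumption.

```python
from collections import defaultdict

# Constructed sample: several device files (routes) reaching the same device.
# "dev" is the device identity (type, major, minor); "allow" is the per-route
# access rule, i.e. the operations permitted on that device file (claim 7).
DEVICE_FILES = [
    {"path": "/dev/sdb1",             "dev": ("b", 8, 17), "allow": {"read"}},
    {"path": "/home/guest/tmp/disk",  "dev": ("b", 8, 17), "allow": {"read", "write"}},
    {"path": "/dev/ttyS0",            "dev": ("c", 4, 64), "allow": {"read", "write"}},
    {"path": "/var/chroot/dev/ttyS0", "dev": ("c", 4, 64), "allow": {"read", "write"}},
]

def extract_rules(device_files):
    """Extracting step: group per-route rules by the common device they reach."""
    by_device = defaultdict(list)
    for f in device_files:
        by_device[f["dev"]].append((f["path"], frozenset(f["allow"])))
    return by_device

def derive_unified(by_device):
    """Deriving step: unified rule = intersection of all route rules (assumption).

    Also returns, per device, the device files whose own rule was looser than
    the unified one, which is what an audit would want to flag.
    """
    unified, conflicts = {}, {}
    for dev, rules in by_device.items():
        allowed_sets = [allow for _, allow in rules]
        unified[dev] = frozenset.intersection(*allowed_sets)
        if len(set(allowed_sets)) > 1:
            conflicts[dev] = sorted(p for p, a in rules if a != unified[dev])
    return unified, conflicts

def is_permitted(path, op, device_files, unified):
    """Controlling step: decide on the device's unified rule, not the path's own."""
    for f in device_files:
        if f["path"] == path:
            return op in unified[f["dev"]]
    return False  # unknown device file: deny by default

if __name__ == "__main__":
    unified, conflicts = derive_unified(extract_rules(DEVICE_FILES))
    print(unified, conflicts)
    print(is_permitted("/home/guest/tmp/disk", "write", DEVICE_FILES, unified))
```

Without unification, the second route would grant write access to a block device that the first route exposes as read-only.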






